Internet Security Essentials: conflict with Avast? [Resolved]

Hi

I recently updated my Comodo Firewall to version 10, and after yesterday’s hotfix I receive warning popup from Internet Security Essentials whenever I visit any website: Warning! A potential security breach has been detected. I have discovered that when I disable Avast’s SSL scanning (which works like Man-in-the-middle) the popups no longer appear.
However I haven’t been able to find anyone with similar problem online. Is it a simple conflict between two pieces of software or am I infected with some kind of malware?

Yes its a conflict between the two applications. Avast adds their own SSL certification so it can do ssl inspection, comodo ISE only trusts its own list of certs.

Ok, thanks, but how’s that possible I’m the only one on the whole internet to report this behavior?

Any fixes for that besides disabling Avast SSL scanning/ Comodo ISE?

Probably most users uninstall ISE and because of a bug that once ISE is removed, it wont install again when you install a newer version of CIS/CFW. So either disable Avast SSL scanning or uninstall ISE.

Thanks for prompt replies, one last question: why popups only started appearing after hotfix and not before? I upgraded to Comodo FW 10 about a week ago.

Not sure maybe it was working right and the update fixed it? Or they changed the way it detects a ‘breach’ to show the warning. Idk.

Hi.

My Comodo Firewall updated the other day, and now I usually get this alert when starting Chrome:

I click “Protect me and block the website access”…

Then some of my tabs show “Your connection is not private” and “net::err_cert_authority_invalid”

When I selected “net::err_cert_authority_invalid” in order to google it, certificate details appeared, including “Issuer: avast! Web/Mail Shield Root”.

The sites display normally after disabling… Avast > Settings > Components > Web Shield > Customize > Enable HTTPS scanning.

So avast generates its own certificates to access SSL, and Comodo is reporting it as a Man-in-the-middle attack?

Here’s what avast says:

When the sites display correctly, the certificate issuer is not “avast! Web/Mail Shield Root”, but something like Symantec or thwate.

So, should I be concerned that avast is accessing my SSL?

Should I get rid of Comodo and use Windows firewall?

Should I disable avast’s SSL scanning?

thx

https://forums.comodo.com/firewall-help-cis/internet-security-essentials-a-potential-security-breach-conflict-with-avast-t118976.0.html

You can either uninstall ISE or turn off Avast SSL scanning.

Hi, you are not the only one to be getting this, I just had not got around to researching it. I get it every time I start Chrome with a warning about google.com.
Rgds
John

OK, I checked it by installing fresh copy of Windows into VM and it’s indeed conflict :o between Comodo & Avast so yo’re safe :smiley:

Thanks - I put google.com into the Avast exclusion list, now its moved on to google-analytics.com. I might exclude this but I think it will then pick another. It could be a never ending story.

You would have exclude every site there is on the internet.
Only solution I know is to disable SSL scanning in Avast (it may be possible to disable certificate check in Comodo too, but I’m not sure).

ISE is going to improved to provide more details of the block and options to add certificate to whitelist and website to exclusion see umesh proposed mock up of alert here.

I am having the exact same problem. I am using comodo, avast, chrome. I am getting the same alert for man in the middle attack, BUT only when using chrome AND sometimes the chrome browser states that the site certificate is invalid and will not let you visit that site. I turned off Avast web shield, shutdown the computer, turned it back on. Still the same problem with Chrome. Firefox is not having the same problem.

I like Firefox, but I like Chrome better. I thought I liked Comodo firewall better than ZoneAlarm, but now I’m not sure. My biggest problem was that I changed to Avast and Comodo at the same time. If Comodo would help me, I could trust the product better. I tried GeekBuddy, but that person didn’t have a clue.

i must apologize to Futuretech. Your solution of “The sites display normally after disabling… Avast > Settings > Components > Web Shield > Customize > Enable HTTPS scanning.” was EXACT! My confusion came from the material on the Avast site, which differs from the version of Avast that i have and i guessed at how to DISABLE Https scanning. After my guess did not work, I reread your solution and now all my favorite programs are behaving normally.

Thank you, futuretech!